VMware Threat Carbon Black Report on cybersecurity: Survey results show fewer data leaks in Germany overall - Covid-19 pandemic brings new threats to cybersecurity.
VMware, Inc., a leading innovator in enterprise software, announces the results of its third threat report on cybersecurity in Germany. For the report, 2020 CIOs, CTOs and CISOs in Germany were surveyed in March and April 251 by the independent research company Opinion Matters on behalf of VMware Carbon Black.
The results show that both the volume of cyber attacks and the number of data leaks have increased less than last year. Still, almost 9 out of 10 security experts plan to increase their cyber defense investments in the coming year. German companies also use more than eleven different cybersecurity tools on average.
The most important survey results of the respondents from Germany:
- 70% said the volume of cyberattacks had increased in the past twelve months.
- 73% said their company had suffered a data breach in the past 2 months. On average, a company has suffered an average of XNUMX security breaches during this period.
- 82% said the attacks had matured.
- According to the survey, 86% said they plan to increase spending on cybersecurity in the coming year.
- According to the survey, weaknesses in processes are the main cause of data leaks. However, island hopping and third-party applications have also increased as causes.
- According to the survey, German companies use an average of 11 different security solutions as part of their security programs.
SMEs at great risk
The survey found that SMEs with 501-1000 employees appear to be at great risk: respondents in this sector reported an average increase in attack volume of 61%. These are companies that on the one hand generally do not have budgets or internal resources for IT security comparable to those of larger organizations, but whose data and digital assets are, on the other hand, still a worthwhile target for theft or blackmail. These SMEs are facing significantly more attacks and increasingly sophisticated attacks compared to smaller and larger companies.
Fileless attacks are the most common type of attack for organizations in this category. This type accounts for 43% of all attacks in SMBs. If you take the average of companies of all sizes, the proportion is only 20%.
"Island hopping is becoming more and more of a security risk," explains Rick McElroy, Cyber Strategist at VMware Carbon Black. “This is also a problem for many other companies. The combination with other risks emanating from third parties, such as third-party applications and risks in the supply chain, puts any Extended Enterprise under pressure. "
Complex and confusing multi-technology environments
German cybersecurity experts stated that they use an average of eleven different tools or consoles as part of their IT security programs. Such diversity is an indication of IT security environments that have evolved reactively: New threats have been countered with new security solutions.
"Silo environments that are difficult to manage give attackers an immediate advantage," says McElroy. “Research suggests that cyber attacks are more successful when IT security is not an integral part of the environment. As cyber threats become more and more extensive, excellent cybersecurity today requires rationalization, strategic thinking and a clear thrust in security measures. "
Survey results in the context of Covid-19
In addition to the originally planned survey, a supplementary survey was also carried out on the effects of Covid-19 on cybersecurity. * In this survey of more than 1.000 cybersecurity experts from the US, UK, Singapore and Italy, 91% of respondents said that the attack volume has increased. The reason for this is that more employees are working from home. 92% of respondents said their organizations have experienced cyberattacks related to Covid-19 malware.
The main results of the additional survey in the context of Covid-19
- 92% of respondents said they have been the victim of attempted malware attacks related to Covid-19; 89% stated that the IoT exposure risk has increased.
- According to the respondents, the biggest security threat during Covid-19 is not being able to set up multifactor authentication (MFA).
- 84% of respondents reported gaps in communication with external parties, such as customers, potential customers and partners. 48% said the gaps were significant.
"The Covid-19 pandemic has drawn attention to corporate resilience and disaster recovery planning," says McElroy. "Companies that have neglected multi-factor authentication up to now regret it: For 29% of respondents worldwide, its lack represents the greatest threat to the resilience of their company."
Participants were also asked whether Covid-19 identified gaps in their disaster recovery planning and how serious these gaps are:
- 88% of respondents reported gaps in disaster recovery planning ranging from mild to severe.
- 87% said they had identified gaps in their IT operations.
- 85% said they had problems setting up remote workplaces.
- 78% said they had problems communicating with employees.
- 84% said they had difficulty communicating with outside parties.
- 70% said the situation exposed gaps in cybersecurity threat visibility
"These numbers suggest that the CISOs surveyed likely experienced difficulties in several areas of IT security as they responded to the demands sparked by the Covid-19 pandemic," comments McElroy.
The survey also found that risks directly related to Covid-19 quickly emerged. In addition to the 92% of respondents who saw an increase in malware related to Covid-19, 89% reported increasing IoT exposure, 89% reported more phishing emails, and 88% said Spear Phishing has increased.
“The results of the 2020 survey show that security professionals need to work closely with management to shift the balance of power in favor of those who protect IT systems,” concludes McElroy. “We must work with the IT department to reduce the complexity in current systems. IT security must be an integral part of a company structure, i.e. of all applications, clouds and devices, right from the start. As a result, the risk of attack can be reduced, threats can be better identified and security gaps can be uncovered. "
More about the poll at carbonblack.com
Main survey methodology
In March 2020, VMware Carbon Black commissioned the independent market research company Opinion Matters to conduct a survey. CIOs, CTOs and CISOs from organizations from various sectors, including financial services, healthcare, government, retail, industrial, food and beverage, oil and gas industry, supplier companies, professional services and the media and entertainment industry were surveyed. 251 of the respondents were from Germany. The other respondents were from Australia, Canada, France, Italy, Japan, the Netherlands, the Nordic countries, Singapore, Spain, the United States and the United Kingdom.
* Methodology of the survey related to Covid-19
Survey method on Covid-19: The survey on Covid-19 was carried out by Opinion Matters in March and April 2020. 1002 CIOs, CTOs or CISOs from Italy, Singapore, the UK and the US were asked for their views on the challenges Covid-19 poses for cybersecurity and operations.
About VMware VMware is driving the world's digital infrastructure with its business software. The company's solutions in the areas of cloud, mobility, network and security provide more than 500.000 corporate customers worldwide with a dynamic and efficient digital basis for their business success. They are supported by the global VMware partner network, consisting of around 75.000 partners. Based in Palo Alto, California, the company has used its technological innovations for both corporate and social purposes for over 20 years. The German office of VMware is located in Munich. Further information can be found at: www.vmware.com/de. VMware and Carbon Black are registered trademarks of VMware, Inc. or its subsidiaries in the United States and other countries.